[OE-core][kirkstone][PATCH] bash: changes to SIGINT handler while waiting for a child
From: Wenlin Kang It rarely observes the problem while running shell script aborting test repeatedly, at the problem, the test shell script never returns to shell Steps to reproduce: 1. Run test script and ctrl-c repeatedly 2. Observe whether returns to shell after ctrl-c Fixed issue: https://lists.gnu.org/archive/html/bug-bash/2023-10/msg00131.html Signed-off-by: Wenlin Kang --- ...T-handler-while-waiting-for-a-child-.patch | 229 ++ meta/recipes-extended/bash/bash_5.1.16.bb | 1 + 2 files changed, 230 insertions(+) create mode 100644 meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch diff --git a/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch b/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch new file mode 100644 index 00..c12b4b7766 --- /dev/null +++ b/meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch @@ -0,0 +1,229 @@ +From 7e84276e07c0835a8729d6fe1265e70eedb2a7f7 Mon Sep 17 00:00:00 2001 +From: Chet Ramey +Date: Mon, 30 Oct 2023 12:16:07 -0400 +Subject: [PATCH] changes to SIGINT handler while waiting for a child; skip + vertical whitespace after translating an integer + +Upstream-Status: Backport +https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel=fe24a6a55e8850298b496c5b9d82f1866eba190e + +[Adjust and drop some codes to be applicable the tree] +Signed-off-by: Wenlin Kang +--- + general.c | 5 +++-- + jobs.c| 26 -- + tests/redir.right | 4 ++-- + tests/redir11.sub | 2 ++ + tests/type.right | 16 + tests/type.tests | 24 + 6 files changed, 43 insertions(+), 34 deletions(-) + +diff --git a/general.c b/general.c +index 50d5216..68987e2 100644 +--- a/general.c b/general.c +@@ -262,8 +262,9 @@ legal_number (string, result) + if (errno || ep == string) + return 0; /* errno is set on overflow or underflow */ + +- /* Skip any trailing whitespace, since strtoimax does not. */ +- while (whitespace (*ep)) ++ /* Skip any trailing whitespace, since strtoimax does not, using the same ++ test that strtoimax uses for leading whitespace. */ ++ while (isspace ((unsigned char) *ep)) + ep++; + + /* If *string is not '\0' but *ep is '\0' on return, the entire string +diff --git a/jobs.c b/jobs.c +index 7c3b6e8..84dab4d 100644 +--- a/jobs.c b/jobs.c +@@ -2727,6 +2727,10 @@ wait_for_background_pids (ps) + #define INVALID_SIGNAL_HANDLER (SigHandler *)wait_for_background_pids + static SigHandler *old_sigint_handler = INVALID_SIGNAL_HANDLER; + ++/* The current SIGINT handler as set by restore_sigint_handler. Only valid ++ immediately after restore_sigint_handler, used for continuations. */ ++static SigHandler *cur_sigint_handler = INVALID_SIGNAL_HANDLER; ++ + static int wait_sigint_received; + static int child_caught_sigint; + +@@ -2743,6 +2747,7 @@ wait_sigint_cleanup () + static void + restore_sigint_handler () + { ++ cur_sigint_handler = old_sigint_handler; + if (old_sigint_handler != INVALID_SIGNAL_HANDLER) + { + set_signal_handler (SIGINT, old_sigint_handler); +@@ -2766,8 +2771,7 @@ wait_sigint_handler (sig) + restore_sigint_handler (); + /* If we got a SIGINT while in `wait', and SIGINT is trapped, do +what POSIX.2 says (see builtins/wait.def for more info). */ +- if (this_shell_builtin && this_shell_builtin == wait_builtin && +-signal_is_trapped (SIGINT) && ++ if (signal_is_trapped (SIGINT) && + ((sigint_handler = trap_to_sighandler (SIGINT)) == trap_handler)) + { + trap_handler (SIGINT);/* set pending_traps[SIGINT] */ +@@ -2792,6 +2796,8 @@ wait_sigint_handler (sig) + { + set_exit_status (128+SIGINT); + restore_sigint_handler (); ++ if (cur_sigint_handler == INVALID_SIGNAL_HANDLER) ++ set_sigint_handler (); /* XXX - only do this in one place */ + kill (getpid (), SIGINT); + } + +@@ -2934,15 +2940,15 @@ wait_for (pid, flags) + { + SigHandler *temp_sigint_handler; + +- temp_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); +- if (temp_sigint_handler == wait_sigint_handler) +- { ++ temp_sigint_handler = old_sigint_handler; ++ old_sigint_handler = set_signal_handler (SIGINT, wait_sigint_handler); ++ if (old_sigint_handler == wait_sigint_handler) ++ { + #if defined (DEBUG) +-internal_warning ("wait_for: recursively setting old_sigint_handler to wait_sigint_handler: running_trap = %d", running_trap); ++ internal_debug ("wait_for: recursively setting old_sigint_handler to wait_sigint_handler: running_trap = %d", running_trap); + #endif +- } +- else +- old_sigint_handler = temp_sigint_handler; ++
Re: [OE-core][PATCH] libxcrypt: fixed some build error for nativesdk with mingw
On 11/22/2023 06:44, Khem Raj wrote: CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. On Tue, Nov 21, 2023 at 2:42 PM Richard Purdie wrote: On Tue, 2023-11-21 at 01:41 -0800, wenlin.k...@windriver.com via lists.openembedded.org wrote: From: Wenlin Kang Steps to reproduce 1) add layer meta-mingw 2) add line in local.conf SDKMACHINE = "x86_64-mingw32" 3) bitbake nativesdk-libxcrypt Fixed: 1. pedantic error | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] | 316 | SYMVER_crypt_gensalt_rn; | | 2. conversion error | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] | 140 | ssize_t nread = read (fd, buf, buflen); Signed-off-by: Wenlin Kang --- ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++ meta/recipes-core/libxcrypt/libxcrypt.inc | 6 ++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch diff --git a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch new file mode 100644 index 00..3846f76674 --- /dev/null +++ b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch @@ -0,0 +1,47 @@ +From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang +Date: Mon, 6 Nov 2023 14:43:28 +0800 +Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with + mingw + +With x86_64-w64-mingw32-gcc. get below error: +| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': +| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] +| 140 | ssize_t nread = read (fd, buf, buflen); +| | ^~ + +In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen), +but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned int" +read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has: + #ifdef _WIN64 + __MINGW_EXTENSION typedef unsigned __int64 size_t; + #else + typedef unsigned int size_t; + #endif /* _WIN64 */ + +Upstream-Status: Pending + +Signed-off-by: Wenlin Kang +--- + lib/util-get-random-bytes.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +index 79816db..68cd378 100644 +--- a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen) + dev_urandom_doesnt_work = true; + else + { ++#ifdef _WIN64 ++ ssize_t nread = read (fd, buf, (unsigned int)buflen); ++#else + ssize_t nread = read (fd, buf, buflen); ++#endif + if (nread < 0 || (size_t)nread < buflen) + dev_urandom_doesnt_work = true; + +-- +2.25.1 + diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc index ba93d91aef..b93d56b4dc 100644 --- a/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -13,7 +13,9 @@ SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol= SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf" SRCBRANCH ?= "master" -SRC_URI += "file://fix_cflags_handling.patch" +SRC_URI += "file://fix_cflags_handling.patch \ + file://0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch \ + " PROVIDES = "virtual/crypt" @@ -26,4 +28,6 @@ CPPFLAGS:append:class-nativesdk = " -Wno-error" API = "--disable-obsolete-api" EXTRA_OECONF += "${API}" +CFLAGS:append:class-nativesdk = " -Wno-pedantic" + BBCLASSEXTEND = "native nativesdk" Should this go to meta-mingw instead of OE-Core? Shouldn't something be submitted upstream? This certainly isn't the kind of patch we want to carry. yeah I tend to agree, even though they are backports but the nature of fixes is very windows specific Okay, thanks for your comments, I will send it to upstream and meta-mingw. Cheers, Richard -- -- Thanks Wenlin Kang -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191129): https://lists.openembedded.org/g/op
[OE-core][PATCH] libxcrypt: fixed some build error for nativesdk with mingw
From: Wenlin Kang Steps to reproduce 1) add layer meta-mingw 2) add line in local.conf SDKMACHINE = "x86_64-mingw32" 3) bitbake nativesdk-libxcrypt Fixed: 1. pedantic error | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] | 316 | SYMVER_crypt_gensalt_rn; | | 2. conversion error | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] | 140 | ssize_t nread = read (fd, buf, buflen); Signed-off-by: Wenlin Kang --- ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++ meta/recipes-core/libxcrypt/libxcrypt.inc | 6 ++- 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch diff --git a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch new file mode 100644 index 00..3846f76674 --- /dev/null +++ b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch @@ -0,0 +1,47 @@ +From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang +Date: Mon, 6 Nov 2023 14:43:28 +0800 +Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with + mingw + +With x86_64-w64-mingw32-gcc. get below error: +| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': +| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] +| 140 | ssize_t nread = read (fd, buf, buflen); +| | ^~ + +In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen), +but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned int" +read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has: + #ifdef _WIN64 + __MINGW_EXTENSION typedef unsigned __int64 size_t; + #else + typedef unsigned int size_t; + #endif /* _WIN64 */ + +Upstream-Status: Pending + +Signed-off-by: Wenlin Kang +--- + lib/util-get-random-bytes.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +index 79816db..68cd378 100644 +--- a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen) + dev_urandom_doesnt_work = true; + else + { ++#ifdef _WIN64 ++ ssize_t nread = read (fd, buf, (unsigned int)buflen); ++#else + ssize_t nread = read (fd, buf, buflen); ++#endif + if (nread < 0 || (size_t)nread < buflen) + dev_urandom_doesnt_work = true; + +-- +2.25.1 + diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc b/meta/recipes-core/libxcrypt/libxcrypt.inc index ba93d91aef..b93d56b4dc 100644 --- a/meta/recipes-core/libxcrypt/libxcrypt.inc +++ b/meta/recipes-core/libxcrypt/libxcrypt.inc @@ -13,7 +13,9 @@ SRC_URI = "git://github.com/besser82/libxcrypt.git;branch=${SRCBRANCH};protocol= SRCREV = "f531a36aa916a22ef2ce7d270ba381e264250cbf" SRCBRANCH ?= "master" -SRC_URI += "file://fix_cflags_handling.patch" +SRC_URI += "file://fix_cflags_handling.patch \ + file://0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch \ + " PROVIDES = "virtual/crypt" @@ -26,4 +28,6 @@ CPPFLAGS:append:class-nativesdk = " -Wno-error" API = "--disable-obsolete-api" EXTRA_OECONF += "${API}" +CFLAGS:append:class-nativesdk = " -Wno-pedantic" + BBCLASSEXTEND = "native nativesdk" -- 2.39.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190961): https://lists.openembedded.org/g/openembedded-core/message/190961 Mute This Topic: https://lists.openembedded.org/mt/102725680/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH] libxcrypt: fixed some build error for nativesdk with mingw
From: Wenlin Kang Steps to reproduce 1) add layer meta-mingw 2) add line in local.conf SDKMACHINE = "x86_64-mingw32" 3) bitbake nativesdk-libxcrypt Fixed: 1. .symver error | {standard input}: Assembler messages: | {standard input}:4: Error: unknown pseudo-op: `.symver' 2. pedantic error | ../git/lib/crypt.c:316:24: error: ISO C does not allow extra ';' outside of a function [-Werror=pedantic] | 316 | SYMVER_crypt_gensalt_rn; | | 3. conversion error | ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': | ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] | 140 | ssize_t nread = read (fd, buf, buflen); Signed-off-by: Wenlin Kang --- .../0001-Fix-for-compilation-on-Windows.patch | 37 +++ ...dom-bytes.c-fixed-conversion-error-w.patch | 47 +++ meta/recipes-core/libxcrypt/libxcrypt.inc | 4 ++ 3 files changed, 88 insertions(+) create mode 100644 meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch create mode 100644 meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch diff --git a/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch new file mode 100644 index 00..5760ee09cc --- /dev/null +++ b/meta/recipes-core/libxcrypt/files/0001-Fix-for-compilation-on-Windows.patch @@ -0,0 +1,37 @@ +From a507b628a5a5d4e4f1cf0f0a9a72967470ee7624 Mon Sep 17 00:00:00 2001 +From: Brecht Sanders +Date: Fri, 3 Feb 2023 08:44:49 +0100 +Subject: [PATCH] Fix for compilation on Windows + +This fix allows the library to build on Windows (at least with MinGW-w64). + +`.symver` is only supported for ELF format but Windows uses COFF/PE. + +Workaround dummy define of `symver_set()` + +Upstream-Status: Backport [https://github.com/besser82/libxcrypt/commit/a507b628a5a5d4e4f1cf0f0a9a72967470ee7624] + +Signed-off-by: Wenlin Kang +--- + lib/crypt-port.h | 5 + + 1 file changed, 5 insertions(+) + +diff --git a/lib/crypt-port.h b/lib/crypt-port.h +index f06ca24..a707939 100644 +--- a/lib/crypt-port.h b/lib/crypt-port.h +@@ -201,6 +201,11 @@ extern size_t strcpy_or_abort (void *dst, size_t d_size, const void *src); + __asm__(".globl _" extstr); \ + __asm__(".set _" extstr ", _" #intname) + ++#elif defined _WIN32 ++ ++/* .symver is only supported for ELF format, Windows uses COFF/PE */ ++# define symver_set(extstr, intname, version, mode) ++ + #elif defined __GNUC__ && __GNUC__ >= 3 + + # define _strong_alias(name, aliasname) \ +-- +2.34.1 + diff --git a/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch new file mode 100644 index 00..3846f76674 --- /dev/null +++ b/meta/recipes-core/libxcrypt/files/0001-lib-util-get-random-bytes.c-fixed-conversion-error-w.patch @@ -0,0 +1,47 @@ +From ff99091eb8a6b9e6edc567f6d2552183fbaacec3 Mon Sep 17 00:00:00 2001 +From: Wenlin Kang +Date: Mon, 6 Nov 2023 14:43:28 +0800 +Subject: [PATCH] lib/util-get-random-bytes.c: fixed conversion error with + mingw + +With x86_64-w64-mingw32-gcc. get below error: +| ../git/lib/util-get-random-bytes.c: In function '_crypt_get_random_bytes': +| ../git/lib/util-get-random-bytes.c:140:42: error: conversion from 'size_t' {aka 'long long unsigned int'} to 'unsigned int' may change value [-Werror=conversion] +| 140 | ssize_t nread = read (fd, buf, buflen); +| | ^~ + +In util-get-random-bytes.c, has get_random_bytes(void *buf, size_t buflen), +but in mingw-w64-mingw-w64/mingw-w64-headers/crt/io.h, read() has "unsigned int" +read(int _FileHandle,void *_DstBuf,unsigned int _MaxCharCount), and has: + #ifdef _WIN64 + __MINGW_EXTENSION typedef unsigned __int64 size_t; + #else + typedef unsigned int size_t; + #endif /* _WIN64 */ + +Upstream-Status: Pending + +Signed-off-by: Wenlin Kang +--- + lib/util-get-random-bytes.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +index 79816db..68cd378 100644 +--- a/lib/util-get-random-bytes.c b/lib/util-get-random-bytes.c +@@ -137,7 +137,11 @@ get_random_bytes(void *buf, size_t buflen) + dev_urandom_doesnt_work = true; + else + { ++#ifdef _WIN64 ++ ssize_t nread = read (fd, buf, (unsigned int)buflen); ++#else + ssize_t nread = read (fd, buf, buflen); ++#endif + if (nread < 0 || (size_t)nread < buflen) + dev_urandom_doesnt_work = true; + +-- +2.25.1 + diff --git a/meta/recipes-core/libxcrypt/libxcrypt.inc
[OE-core][PATCH] libsdl2: fix CVE-2020-14409 CVE-2020-14410
From: Wenlin Kang CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. CVE-2020-14410 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. References: https://nvd.nist.gov/vuln/detail/CVE-2020-14409 https://nvd.nist.gov/vuln/detail/CVE-2020-14410 Upstream patches: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 https://hg.libsdl.org/SDL/rev/ed0e044e308c Signed-off-by: Wenlin Kang --- .../CVE-2020-14409-CVE-2020-14410-1.patch | 84 +++ .../CVE-2020-14409-CVE-2020-14410-2.patch | 35 .../libsdl2/libsdl2_2.0.12.bb | 2 + 3 files changed, 121 insertions(+) create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-1.patch create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-2.patch diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-1.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-1.patch new file mode 100644 index 00..aba21581de --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-1.patch @@ -0,0 +1,84 @@ +From 1ede8ee20669d2c103c9568f75733b376b69e2d2 Mon Sep 17 00:00:00 2001 +From: Sam Lantinga +Date: Wed, 27 Jan 2021 07:08:36 + +Subject: [PATCH 1/2] Fixed overflow in surface pitch calculation + +Upstream-Status: Backport +CVE: CVE-2020-14409,CVE-2020-14410 + +Reference to upstream patch: +https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9 + +Signed-off-by: Wenlin Kang +--- + src/video/SDL_surface.c | 24 +++- + 1 file changed, 15 insertions(+), 9 deletions(-) + +diff --git a/src/video/SDL_surface.c b/src/video/SDL_surface.c +index 3795b94..c8075f1 100644 +--- a/src/video/SDL_surface.c b/src/video/SDL_surface.c +@@ -27,25 +27,23 @@ + #include "SDL_pixels_c.h" + #include "SDL_yuv_c.h" + +- +-/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow size_t */ +-SDL_COMPILE_TIME_ASSERT(surface_size_assumptions, +-sizeof(int) == sizeof(Sint32) && sizeof(size_t) >= sizeof(Sint32)); ++/* Check to make sure we can safely check multiplication of surface w and pitch and it won't overflow Sint64 */ ++SDL_COMPILE_TIME_ASSERT(surface_size_assumptions, sizeof(int) == sizeof(Sint32)); + + /* Public routines */ + + /* + * Calculate the pad-aligned scanline width of a surface + */ +-static int ++static Sint64 + SDL_CalculatePitch(Uint32 format, int width) + { +-int pitch; ++Sint64 pitch; + + if (SDL_ISPIXELFORMAT_FOURCC(format) || SDL_BITSPERPIXEL(format) >= 8) { +-pitch = (width * SDL_BYTESPERPIXEL(format)); ++pitch = ((Sint64)width * SDL_BYTESPERPIXEL(format)); + } else { +-pitch = ((width * SDL_BITSPERPIXEL(format)) + 7) / 8; ++ pitch = (((Sint64)width * SDL_BITSPERPIXEL(format)) + 7) / 8; + } + pitch = (pitch + 3) & ~3; /* 4-byte aligning for speed */ + return pitch; +@@ -59,11 +57,19 @@ SDL_Surface * + SDL_CreateRGBSurfaceWithFormat(Uint32 flags, int width, int height, int depth, +Uint32 format) + { ++Sint64 pitch; + SDL_Surface *surface; + + /* The flags are no longer used, make the compiler happy */ + (void)flags; + ++pitch = SDL_CalculatePitch(format, width); ++if (pitch < 0 || pitch > SDL_MAX_SINT32) { ++/* Overflow... */ ++SDL_OutOfMemory(); ++return NULL; ++} ++ + /* Allocate the surface */ + surface = (SDL_Surface *) SDL_calloc(1, sizeof(*surface)); + if (surface == NULL) { +@@ -78,7 +84,7 @@ SDL_CreateRGBSurfaceWithFormat(Uint32 flags, int width, int height, int depth, + } + surface->w = width; + surface->h = height; +-surface->pitch = SDL_CalculatePitch(format, width); ++surface->pitch = (int)pitch; + SDL_SetClipRect(surface, NULL); + + if (SDL_ISPIXELFORMAT_INDEXED(surface->format->format)) { +-- +2.17.1 + diff --git a/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-2.patch b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-2.patch new file mode 100644 index 00..929be75457 --- /dev/null +++ b/meta/recipes-graphics/libsdl2/libsdl2/CVE-2020-14409-CVE-2020-14410-2.patch @@ -0,0 +1,35 @@ +From 2029bd75a501623106cfd0400cffe38d22f1b005 Mon Sep 17 00:00:00 2001 +From: Sam Lantinga +Date: Wed, 27 Jan 2021 07:25:26 + +Subject: [PATCH 2/2] Reverted comment change in previous commit + +Upstream-Status: Backport +CVE: CVE-2020-14409,CVE-2020-14410 + +Reference to upstream patch: +https://hg.libsdl.org/SDL/rev/ed0e044e308c + +Signed-off-by: Wenlin Kang +--- + src/video/SDL_surface.c | 5 +++-- + 1 file changed, 3 insertions(+), 2
[OE-core][zeus][PATCH] nasm: fix CVE-2020-24978
Fix CVE-2020-24978 Signed-off-by: Wenlin Kang --- ...BR3392712-pp_tokline-fix-double-free.patch | 36 +++ meta/recipes-devtools/nasm/nasm_2.14.02.bb| 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-devtools/nasm/nasm/0001-BR3392712-pp_tokline-fix-double-free.patch diff --git a/meta/recipes-devtools/nasm/nasm/0001-BR3392712-pp_tokline-fix-double-free.patch b/meta/recipes-devtools/nasm/nasm/0001-BR3392712-pp_tokline-fix-double-free.patch new file mode 100644 index 00..b2cd3fe24b --- /dev/null +++ b/meta/recipes-devtools/nasm/nasm/0001-BR3392712-pp_tokline-fix-double-free.patch @@ -0,0 +1,36 @@ +From 652c58c92d9e8eaf09a0eb125c4fe2d4b6cc3397 Mon Sep 17 00:00:00 2001 +From: Cyrill Gorcunov +Date: Tue, 15 Sep 2020 15:50:20 +0800 +Subject: [PATCH] BR3392712: pp_tokline: fix double free + +Make sure the data being freed get double +freed after -- the pointers must be zapped +(actually nasm_free and free_tlist support +being called with NULL pointer as an argument). + +Upstream-Status: Backport [https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7] +CVE: CVE-2020-24978 + +Signed-off-by: Cyrill Gorcunov +Signed-off-by: Wenlin Kang +--- + asm/preproc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/asm/preproc.c b/asm/preproc.c +index 2737ec1..da2c9c9 100644 +--- a/asm/preproc.c b/asm/preproc.c +@@ -5119,6 +5119,9 @@ static char *pp_getline(void) + free_tlist(m->iline); + nasm_free(m->paramlen); + l->finishes->in_progress = 0; ++m->params = NULL; ++m->iline = NULL; ++m->paramlen = NULL; + } + } + +-- +2.13.3 + diff --git a/meta/recipes-devtools/nasm/nasm_2.14.02.bb b/meta/recipes-devtools/nasm/nasm_2.14.02.bb index bd4ecea8b6..bb2b58f87e 100644 --- a/meta/recipes-devtools/nasm/nasm_2.14.02.bb +++ b/meta/recipes-devtools/nasm/nasm_2.14.02.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=90904486f8fbf1861cf42752e1a39efe" SRC_URI = "http://www.nasm.us/pub/nasm/releasebuilds/${PV}/nasm-${PV}.tar.bz2 \ file://CVE-2018-19755.patch \ file://CVE-2019-14248.patch \ + file://0001-BR3392712-pp_tokline-fix-double-free.patch \ " SRC_URI[md5sum] = "3f489aa48ad2aa1f967dc5e293bbd06f" -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142599): https://lists.openembedded.org/g/openembedded-core/message/142599 Mute This Topic: https://lists.openembedded.org/mt/76880218/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][zeus][PATCH] systemd: fix CVE-2020-13776
Backport from systemd.git. (OE-Core master rev: a1b22b2263da6d11a4e0cbfa792d2bd1e56f5346) Signed-off-by: Wenlin Kang --- .../systemd/systemd/CVE-2020-13776.patch | 96 +++ meta/recipes-core/systemd/systemd_243.2.bb| 1 + 2 files changed, 97 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2020-13776.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch new file mode 100644 index 00..7b5e3e7f7a --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2020-13776.patch @@ -0,0 +1,96 @@ +From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 31 May 2020 18:21:09 +0200 +Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group + numbers + +We would parse numbers with base prefixes as user identifiers. For example, +"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be +interpreted as UID==1000. This parsing was used also in cases where either a +user/group name or number may be specified. This means that names like +0x2b3bfa0 would be ambiguous: they are a valid user name according to our +documented relaxed rules, but they would also be parsed as numeric uids. + +This behaviour is definitely not expected by users, since tools generally only +accept decimal numbers (e.g. id, getent passwd), while other tools only accept +user names and thus will interpret such strings as user names without even +attempting to convert them to numbers (su, ssh). So let's follow suit and only +accept numbers in decimal notation. Effectively this means that we will reject +such strings as a username/uid/groupname/gid where strict mode is used, and try +to look up a user/group with such a name in relaxed mode. + +Since the function changed is fairly low-level and fairly widely used, this +affects multiple tools: loginctl show-user/enable-linger/disable-linger foo', +the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d, +etc. + +Fixes #15985. +--- + src/basic/user-util.c | 2 +- + src/test/test-user-util.c | 10 ++ + 2 files changed, 11 insertions(+), 1 deletion(-) + +--- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 --- + + +Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e + +CVE: CVE-2020-13776 + +Upstream-Status: Backport [https://github.com/systemd/systemd.git] + +Signed-off-by: Joe Slater + + + +--- git.orig/src/basic/user-util.c git/src/basic/user-util.c +@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret) + assert(s); + + assert_cc(sizeof(uid_t) == sizeof(uint32_t)); +-r = safe_atou32(s, ); ++r = safe_atou32_full(s, 10, ); + if (r < 0) + return r; + +--- git.orig/src/test/test-user-util.c git/src/test/test-user-util.c +@@ -48,9 +48,19 @@ static void test_parse_uid(void) { + + r = parse_uid("65535", ); + assert_se(r == -ENXIO); ++assert_se(uid == 100); ++ ++r = parse_uid("0x1234", ); ++assert_se(r == -EINVAL); ++assert_se(uid == 100); ++ ++r = parse_uid("01234", ); ++assert_se(r == 0); ++assert_se(uid == 1234); + + r = parse_uid("asdsdas", ); + assert_se(r == -EINVAL); ++assert_se(uid == 1234); + } + + static void test_uid_ptr(void) { +--- git.orig/src/basic/parse-util.h git/src/basic/parse-util.h +@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha + + int safe_atoi16(const char *s, int16_t *ret); + +-static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) { + assert_cc(sizeof(uint32_t) == sizeof(unsigned)); +-return safe_atou(s, (unsigned*) ret_u); ++return safe_atou_full(s, base, (unsigned*) ret_u); ++} ++ ++static inline int safe_atou32(const char *s, uint32_t *ret_u) { ++return safe_atou32_full(s, 0, (unsigned*) ret_u); + } + + static inline int safe_atoi32(const char *s, int32_t *ret_i) { diff --git a/meta/recipes-core/systemd/systemd_243.2.bb b/meta/recipes-core/systemd/systemd_243.2.bb index 082eb4c384..905348176c 100644 --- a/meta/recipes-core/systemd/systemd_243.2.bb +++ b/meta/recipes-core/systemd/systemd_243.2.bb @@ -25,6 +25,7 @@ SRC_URI += "file://touchscreen.rules \ file://0001-unit-file.c-consider-symlink-on-filesystems-like-NFS.patch \ file://99-default.preset \ file://0001-Merge-branch-polkit-ref-count.patch \ + file://CVE-2020-13776.patch \ " # patches needed by musl -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#140082): https://lists.openembedded.org/g/openembedded-core/message/140082 Mute This Topic:
[OE-core][zeus][PATCH v2] nfs-utils: fix CVE-2019-3689
Fix CVE-2019-3689 Signed-off-by: Wenlin Kang --- ...atd-take-user-id-from-var-lib-nfs-sm.patch | 102 ++ .../nfs-utils/nfs-utils_2.4.1.bb | 1 + 2 files changed, 103 insertions(+) create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch new file mode 100644 index 00..87f4f098e0 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch @@ -0,0 +1,102 @@ +From 12ee0ff1120a6e42b67cc90ad7d5006555e866c3 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Tue, 23 Jun 2020 09:22:22 + +Subject: [PATCH] statd: take user-id from /var/lib/nfs/sm + +Having /var/lib/nfs writeable by statd is not ideal +as there are files in there that statd doesn't need +to access. +After dropping privs, statd and sm-notify only need to +access files in the directories sm and sm.bak. +So take the uid for these deamons from 'sm'. + +Upstream-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e] +CVE: CVE-2019-3689 + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +Signed-off-by: Wenlin Kang +--- + support/nsm/file.c| 16 +--- + utils/statd/sm-notify.man | 10 +- + utils/statd/statd.man | 10 +- + 3 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/support/nsm/file.c b/support/nsm/file.c +index 0b66f12..f5b4480 100644 +--- a/support/nsm/file.c b/support/nsm/file.c +@@ -388,23 +388,17 @@ nsm_drop_privileges(const int pidfd) + + (void)umask(S_IRWXO); + +- /* +- * XXX: If we can't stat dirname, or if dirname is owned by +- * root, we should use "statduser" instead, which is set up +- * by configure.ac. Nothing in nfs-utils seems to use +- * "statduser," though. +- */ +- if (lstat(nsm_base_dirname, ) == -1) { +- xlog(L_ERROR, "Failed to stat %s: %m", nsm_base_dirname); +- return false; +- } +- + if (chdir(nsm_base_dirname) == -1) { + xlog(L_ERROR, "Failed to change working directory to %s: %m", + nsm_base_dirname); + return false; + } + ++ if (lstat(NSM_MONITOR_DIR, ) == -1) { ++ xlog(L_ERROR, "Failed to stat %s/%s: %m", nsm_base_dirname, NSM_MONITOR_DIR); ++ return false; ++ } ++ + if (!prune_bounding_set()) + return false; + +diff --git a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man +index cfe1e4b..addf5d3 100644 +--- a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man +@@ -190,7 +190,15 @@ by default. + After starting, + .B sm-notify + attempts to set its effective UID and GID to the owner +-and group of this directory. ++and group of the subdirectory ++.B sm ++of this directory. After changing the effective ids, ++.B sm-notify ++only needs to access files in ++.B sm ++and ++.B sm.bak ++within the state-directory-path. + .TP + .BI -v " ipaddr " | " hostname + Specifies the network address from which to send reboot notifications, +diff --git a/utils/statd/statd.man b/utils/statd/statd.man +index 71d5846..6222701 100644 +--- a/utils/statd/statd.man b/utils/statd/statd.man +@@ -259,7 +259,15 @@ by default. + After starting, + .B rpc.statd + attempts to set its effective UID and GID to the owner +-and group of this directory. ++and group of the subdirectory ++.B sm ++of this directory. After changing the effective ids, ++.B rpc.statd ++only needs to access files in ++.B sm ++and ++.B sm.bak ++within the state-directory-path. + .TP + .BR -v ", " -V ", " --version + Causes +-- +2.23.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb index 3ae8f965c8..458e534864 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb @@ -34,6 +34,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ file://0001-Disable-statx-if-using-glibc-emulation.patch \ + file://0001-statd-take-user-id-from-var-lib-nfs-sm.patch \ " SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#140061):
[OE-core][zeus][PATCH] nfs-utils: fix CVE-2019-3689
Fix CVE-2019-3689 Signed-off-by: Wenlin Kang --- ...atd-take-user-id-from-var-lib-nfs-sm.patch | 102 ++ .../nfs-utils/nfs-utils_2.4.1.bb | 1 + 2 files changed, 103 insertions(+) create mode 100644 meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch new file mode 100644 index 00..21fed52233 --- /dev/null +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils/0001-statd-take-user-id-from-var-lib-nfs-sm.patch @@ -0,0 +1,102 @@ +From 12ee0ff1120a6e42b67cc90ad7d5006555e866c3 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Tue, 23 Jun 2020 09:22:22 + +Subject: [PATCH] statd: take user-id from /var/lib/nfs/sm + +Having /var/lib/nfs writeable by statd is not ideal +as there are files in there that statd doesn't need +to access. +After dropping privs, statd and sm-notify only need to +access files in the directories sm and sm.bak. +So take the uid for these deamons from 'sm'. + +Upsteam-Status: Backport [https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=fee2cc29e888f2ced6a76990923aef19d326dc0e] +CVE: CVE-2019-3689 + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +Signed-off-by: Wenlin Kang +--- + support/nsm/file.c| 16 +--- + utils/statd/sm-notify.man | 10 +- + utils/statd/statd.man | 10 +- + 3 files changed, 23 insertions(+), 13 deletions(-) + +diff --git a/support/nsm/file.c b/support/nsm/file.c +index 0b66f12..f5b4480 100644 +--- a/support/nsm/file.c b/support/nsm/file.c +@@ -388,23 +388,17 @@ nsm_drop_privileges(const int pidfd) + + (void)umask(S_IRWXO); + +- /* +- * XXX: If we can't stat dirname, or if dirname is owned by +- * root, we should use "statduser" instead, which is set up +- * by configure.ac. Nothing in nfs-utils seems to use +- * "statduser," though. +- */ +- if (lstat(nsm_base_dirname, ) == -1) { +- xlog(L_ERROR, "Failed to stat %s: %m", nsm_base_dirname); +- return false; +- } +- + if (chdir(nsm_base_dirname) == -1) { + xlog(L_ERROR, "Failed to change working directory to %s: %m", + nsm_base_dirname); + return false; + } + ++ if (lstat(NSM_MONITOR_DIR, ) == -1) { ++ xlog(L_ERROR, "Failed to stat %s/%s: %m", nsm_base_dirname, NSM_MONITOR_DIR); ++ return false; ++ } ++ + if (!prune_bounding_set()) + return false; + +diff --git a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man +index cfe1e4b..addf5d3 100644 +--- a/utils/statd/sm-notify.man b/utils/statd/sm-notify.man +@@ -190,7 +190,15 @@ by default. + After starting, + .B sm-notify + attempts to set its effective UID and GID to the owner +-and group of this directory. ++and group of the subdirectory ++.B sm ++of this directory. After changing the effective ids, ++.B sm-notify ++only needs to access files in ++.B sm ++and ++.B sm.bak ++within the state-directory-path. + .TP + .BI -v " ipaddr " | " hostname + Specifies the network address from which to send reboot notifications, +diff --git a/utils/statd/statd.man b/utils/statd/statd.man +index 71d5846..6222701 100644 +--- a/utils/statd/statd.man b/utils/statd/statd.man +@@ -259,7 +259,15 @@ by default. + After starting, + .B rpc.statd + attempts to set its effective UID and GID to the owner +-and group of this directory. ++and group of the subdirectory ++.B sm ++of this directory. After changing the effective ids, ++.B rpc.statd ++only needs to access files in ++.B sm ++and ++.B sm.bak ++within the state-directory-path. + .TP + .BR -v ", " -V ", " --version + Causes +-- +2.23.0 + diff --git a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb index 3ae8f965c8..458e534864 100644 --- a/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb +++ b/meta/recipes-connectivity/nfs-utils/nfs-utils_2.4.1.bb @@ -34,6 +34,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/nfs-utils/${PV}/nfs-utils-${PV}.tar.x file://0001-Don-t-build-tools-with-CC_FOR_BUILD.patch \ file://0001-Fix-include-order-between-config.h-and-stat.h.patch \ file://0001-Disable-statx-if-using-glibc-emulation.patch \ + file://0001-statd-take-user-id-from-var-lib-nfs-sm.patch \ " SRC_URI_append_libc-glibc = " file://0001-configure.ac-Do-not-fatalize-Wmissing-prototypes.patch" SRC_URI_append_libc-musl = " file://nfs-utils-musl-res_querydomain.patch" -- 2.17.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#140058):
[OE-core][PATCH V2] populate_sdk_base.bbclass: fix warning: name not matched
When do populate_sdk with SDK_ARCHIVE_TYPE = "zip", have below warning in log file, this patch fixes it. zip warning: name not matched: sysroots/core2-64-poky-linux/etc/tmpfiles.d/etc.conf zip warning: name not matched: sysroots/core2-64-poky-linux/etc/tmpfiles.d/home.conf zip warning: name not matched: sysroots/core2-64-poky-linux/etc/resolv-conf.systemd zip warning: name not matched: sysroots/core2-64-poky-linux/etc/mtab zip warning: name not matched: sysroots/core2-64-poky-linux/etc/resolv.conf zip warning: name not matched: sysroots/core2-64-poky-linux/var/lock zip warning: name not matched: sysroots/core2-64-poky-linux/usr/lib/environment.d/99-environment.conf zip warning: name not matched: sysroots/core2-64-poky-linux/sbin/klogd zip warning: name not matched: sysroots/core2-64-poky-linux/sbin/syslogd zip warning: name not matched: sysroots/x86_64-pokysdk-linux/usr/bin/chfn zip warning: name not matched: sysroots/x86_64-pokysdk-linux/usr/bin/chsh zip warning: name not matched: sysroots/x86_64-pokysdk-linux/usr/bin/passwd zip warning: name not matched: sysroots/x86_64-pokysdk-linux/usr/bin/chpasswd zip warning: name not matched: sysroots/x86_64-pokysdk-linux/sbin/vipw zip warning: name not matched: sysroots/x86_64-pokysdk-linux/sbin/vigr zip warning: name not matched: sysroots/x86_64-pokysdk-linux/sbin/nologin Signed-off-by: Wenlin Kang --- meta/classes/populate_sdk_base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index f85c3b9f62..990505e89b 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -58,7 +58,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') -- 2.23.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#138156): https://lists.openembedded.org/g/openembedded-core/message/138156 Mute This Topic: https://lists.openembedded.org/mt/74154998/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][zeus][PATCH V2] populate_sdk_base.bbclass: fix warning: name not matched
When do populate_sdk with SDK_ARCHIVE_TYPE = "zip", will have below warnig in log file, this patch fixes it. Fix below warning: zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/udev/rules.d/80-net-setup-link.rules zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/etc.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/home.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/systemd/network/80-wired.network zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/mtab zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv-conf.systemd zip warning: name not matched: sysroots/aarch64-wrs-linux/var/lock Signed-off-by: Wenlin Kang --- meta/classes/populate_sdk_base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index d03465b6fc..b5c004d832 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -55,7 +55,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz -T 0 -9 > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') -- 2.23.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#138155): https://lists.openembedded.org/g/openembedded-core/message/138155 Mute This Topic: https://lists.openembedded.org/mt/74154832/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][zeus][PATCH] populate_sdk_base.bbclass: fix warning: name not matched
On 2020/5/8 上午11:04, Mittal, Anuj wrote: Hi, On Wed, 2020-05-06 at 01:46 -0700, wenlin.k...@windriver.com wrote: Fix below warning: zip warning: name not matched: sysroots/aarch64-wrs- linux/etc/udev/rules.d/80-net-setup-link.rules zip warning: name not matched: sysroots/aarch64-wrs- linux/etc/tmpfiles.d/etc.conf zip warning: name not matched: sysroots/aarch64-wrs- linux/etc/tmpfiles.d/home.conf zip warning: name not matched: sysroots/aarch64-wrs- linux/etc/systemd/network/80-wired.network zip warning: name not matched: sysroots/aarch64-wrs- linux/etc/resolv.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/mtab zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv- conf.systemd zip warning: name not matched: sysroots/aarch64-wrs-linux/var/lock Is this specific to zeus? I don't see this change in master/dunfell. It'd be great if you could include more details in commit message explaining what is happening. No, this issue can be seen in master too, but this patch is only to zeus, for master, I have sent patch too. Steps: 1. Setup poky[zeus]project 2. In local.conf, add: SDK_ARCHIVE_TYPE = "zip" 3. bitbake core-image-minimal -c populate_sdk 4. check log file log.do_populate_sdk Thanks, Anuj Signed-off-by: Wenlin Kang --- meta/classes/populate_sdk_base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index d03465b6fc..b5c004d832 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -55,7 +55,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz -T 0 -9 > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') -- Thanks, Wenlin Kang -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#138049): https://lists.openembedded.org/g/openembedded-core/message/138049 Mute This Topic: https://lists.openembedded.org/mt/74024894/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][zeus][PATCH] populate_sdk_base.bbclass: fix warning: name not matched
Fix below warning: zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/udev/rules.d/80-net-setup-link.rules zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/etc.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/home.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/systemd/network/80-wired.network zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/mtab zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv-conf.systemd zip warning: name not matched: sysroots/aarch64-wrs-linux/var/lock Signed-off-by: Wenlin Kang --- meta/classes/populate_sdk_base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index d03465b6fc..b5c004d832 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -55,7 +55,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz -T 0 -9 > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') -- 2.23.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#137970): https://lists.openembedded.org/g/openembedded-core/message/137970 Mute This Topic: https://lists.openembedded.org/mt/74024894/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][PATCH] populate_sdk_base.bbclass: fix warning: name not matched
Fix below warning: zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/udev/rules.d/80-net-setup-link.rules zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/etc.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/tmpfiles.d/home.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/systemd/network/80-wired.network zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv.conf zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/mtab zip warning: name not matched: sysroots/aarch64-wrs-linux/etc/resolv-conf.systemd zip warning: name not matched: sysroots/aarch64-wrs-linux/var/lock Signed-off-by: Wenlin Kang --- meta/classes/populate_sdk_base.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/populate_sdk_base.bbclass b/meta/classes/populate_sdk_base.bbclass index f85c3b9..990505e 100644 --- a/meta/classes/populate_sdk_base.bbclass +++ b/meta/classes/populate_sdk_base.bbclass @@ -58,7 +58,7 @@ python () { d.setVar('SDK_ARCHIVE_DEPENDS', 'zip-native') # SDK_ARCHIVE_CMD used to generate archived sdk ${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} from input dir ${SDK_OUTPUT}/${SDKPATH} to output dir ${SDKDEPLOYDIR} # recommand to cd into input dir first to avoid archive with buildpath - d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') + d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; zip -r -y ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE} .') else: d.setVar('SDK_ARCHIVE_DEPENDS', 'xz-native') d.setVar('SDK_ARCHIVE_CMD', 'cd ${SDK_OUTPUT}/${SDKPATH}; tar ${SDKTAROPTS} -cf - . | xz ${SDK_XZ_OPTIONS} > ${SDKDEPLOYDIR}/${TOOLCHAIN_OUTPUTNAME}.${SDK_ARCHIVE_TYPE}') -- 1.9.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#137966): https://lists.openembedded.org/g/openembedded-core/message/137966 Mute This Topic: https://lists.openembedded.org/mt/74024515/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][zeus][PATCH] systemd: Fix CVE-2020-1712
Fix CVE-2020-1712 Signed-off-by: Wenlin Kang --- .../0001-Merge-branch-polkit-ref-count.patch | 520 ++ meta/recipes-core/systemd/systemd_243.2.bb| 1 + 2 files changed, 521 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch diff --git a/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch b/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch new file mode 100644 index 00..e684ab8755 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/0001-Merge-branch-polkit-ref-count.patch @@ -0,0 +1,520 @@ +From 0062d795bf29301ae054e1826a7189198a2565c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 14 Apr 2020 09:06:53 + +Subject: [PATCH] Merge branch 'polkit-ref-count' + +Upsteam-Status: Backport [https://github.com/systemd/systemd/commit/ea0d0ede03c6f18dbc5036c5e9cccf97e415ccc2] +CVE: CVE-2020-1712 + +Signed-off-by: Wenlin Kang +--- + TODO| 2 +- + man/rules/meson.build | 1 + + man/sd_bus_enqueue_for_read.xml | 88 + src/libsystemd/libsystemd.sym | 1 + + src/libsystemd/sd-bus/sd-bus.c | 24 + + src/shared/bus-util.c | 179 +--- + src/systemd/sd-bus.h| 1 + + 7 files changed, 235 insertions(+), 61 deletions(-) + create mode 100644 man/sd_bus_enqueue_for_read.xml + +diff --git a/TODO b/TODO +index c5b5b86057..5c5ea1f568 100644 +--- a/TODO b/TODO +@@ -184,7 +184,7 @@ Features: + + * the a-posteriori stopping of units bound to units that disappeared logic + should be reworked: there should be a queue of units, and we should only +- enqeue stop jobs from a defer event that processes queue instead of ++ enqueue stop jobs from a defer event that processes queue instead of + right-away when we find a unit that is bound to one that doesn't exist + anymore. (similar to how the stop-unneeded queue has been reworked the same + way) +diff --git a/man/rules/meson.build b/man/rules/meson.build +index 3b63311d7b..e80ed98c34 100644 +--- a/man/rules/meson.build b/man/rules/meson.build +@@ -192,6 +192,7 @@ manpages = [ +'sd_bus_open_user_with_description', +'sd_bus_open_with_description'], + ''], ++ ['sd_bus_enqueue_for_read', '3', [], ''], + ['sd_bus_error', + '3', + ['SD_BUS_ERROR_MAKE_CONST', +diff --git a/man/sd_bus_enqueue_for_read.xml b/man/sd_bus_enqueue_for_read.xml +new file mode 100644 +index 00..3318a3031b +--- /dev/null b/man/sd_bus_enqueue_for_read.xml +@@ -0,0 +1,88 @@ ++ ++http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd;> ++ ++ ++http://www.w3.org/2001/XInclude;> ++ ++ ++sd_bus_enqueue_for_read ++systemd ++ ++ ++ ++sd_bus_enqueue_for_read ++3 ++ ++ ++ ++sd_bus_enqueue_for_read ++ ++Re-enqueue a bus message on a bus connection, for reading. ++ ++ ++ ++ ++ #include systemd/sd-bus.h ++ ++ ++int sd_bus_enqueue_for_read ++sd_bus *bus ++sd_bus_message *message ++ ++ ++ ++ ++ ++ ++Description ++ ++sd_bus_enqueue_for_read() may be used to re-enqueue an incoming bus message on ++the local read queue, so that it is processed and dispatched locally again, similar to how an incoming ++message from the peer is processed. Takes a bus connection object and the message to enqueue. A reference ++is taken of the message and the caller's reference thus remains in possession of the caller. The message ++is enqueued at the end of the queue, thus will be dispatched after all other already queued messages are ++dispatched. ++ ++This call is primarily useful for dealing with incoming method calls that may be processed only ++after an additional asynchronous operation completes. One example are PolicyKit authorization requests ++that are determined to be necessary to authorize a newly incoming method call: when the PolicyKit response ++is received the original method call may be re-enqueued to process it again, this time with the ++authorization result known. ++ ++ ++ ++Return Value ++ ++On success, this function return 0 or a positive integer. On failure, it returns a negative errno-style ++error code. ++ ++ ++ Errors ++ ++ Returned errors may indicate the following problems: ++ ++ ++ ++ -ECHILD ++ ++ The bus connection has been created in a different process. ++ ++ ++ ++ ++ ++ ++ ++ ++See Also ++ ++ ++ systemd1, ++ sd-bus3, ++ sd_bus_send3, ++ ++ ++ ++ +diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym +index 5ec42e0f1f..c40f1b7d1a 100644 +--- a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym +@@ -679,6 +679,7 @@ global: + + LIBSYSTEMD_243 { + global: ++